Privacy Policy

Information in accordance with § 5 TMG
‍
VOIDS Technology GmbH
‍Hahnenkamp 13
22765 Hamburg
Germany
‍
E-Mail: voids@voids.ai
‍Website: www.voids.ai
‍Managing directors: Jannik Semmelhaack, Tobias Wandersleb
Place or jurisdiction: Hamburg, Germany
Company registration number: HRB 176999
VAT ID: DE356338943

Privacy Policy

last updated: July 17, 2025

Introduction

This Privacy Policy describes how VOIDS Technology GmbH (“VOIDS”, “we”, “our” or “us”) processes personal data in two contexts:
‍
1. Services – the demand forecasting and inventory optimization services we provide including related integrations (the “Services”); and
2. Website – our public website located at https://voids.ai, its sub-domains, and any associated web-based and mobile applications such as https://app.voids.ai (collectively, the “Website”).

The Policy explains how we collect, use, disclose and protect personal data in both contexts. Where relevant, we clarify whether a provision applies to the Services, the Website, or both. It is intended for Merchants who deploy our applications in their e-commerce environment and any persons whose personal data may be processed as part of the Services. This Policy is meant to help you understand how we collect, use, communicate, disclose, and make use of personal information. We use your personal information only for providing and improving the Services and Website. By using the Services or Website, you agree to the collection and use of information in accordance with this policy. The following outlines our privacy policy.

We will collect and use personal information solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law. We will retain personal information only as long as necessary for the fulfillment of those purposes. We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned. Personal data should be relevant to the purposes for which it is to be used and, to the extent necessary for those purposes, should be accurate, complete, and up to date. We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. We will make readily available to customers information about our policies and practices relating to the management of personal information.

Definitions

Personal Data
Any information relating to an identified or identifiable natural person, as defined in Art. 4(1) GDPR. Examples include a person’s name, email address, order details, or an identifier such as an IP address.

‍Non-Personal Data
Information that does not relate to an identified or identifiable person, including fully anonymized or aggregated data. Non-Personal Data may be used by VOIDS for statistical purposes, benchmarking, service improvements, or other business purposes, provided it cannot be re-linked to an individual.

‍Data Controller / Data Processor
- App / Services context: For data processed via the VOIDS app, the Merchant is the data controller. VOIDS Technology GmbH acts as a data processor, processing Merchant and Customer Data only on the Merchant’s behalf and in accordance with the Merchant’s instructions.
- Website context: For data collected directly through the Website (e.g., contact forms, cookies), VOIDS Technology GmbH is the data controller.

‍Merchant Data Ownership and Processing Role
The Merchant retains all right, title, and interest in and to Merchant Data. The Merchant grants VOIDS a non-exclusive, royalty-free, worldwide licence to use, process, aggregate, and anonymize Merchant Data solely to provide, operate, secure, and improve the SaaS Products (including training forecasting and other machine learning models, analytics, and aggregated benchmarks), provided that no Merchant Data is disclosed in an identifiable form.

Contact Information

VOIDS can be contacted regarding this Privacy Policy at: tobias.wandersleb@voids.ai.

Jurisdiction and Applicable Regulations

This Privacy Policy has been prepared in accordance with applicable data protection laws, including Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation). Where relevant, it is also intended to comply with applicable U.K. data protection laws and U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA). This Privacy Policy applies to both the Website and the Services, unless stated otherwise.

Legal Basis of Processing

Website (Controller)
As controller for Website Data, VOIDS processes personal data on the following legal bases under Art. 6 GDPR:
- Consent (Art. 6(1)(a)) – e.g., for non-essential cookies or marketing communications.
- Performance of a contract (Art. 6(1)(b)) – e.g., to manage accounts or respond to enquiries.
- Compliance with legal obligations (Art. 6(1)(c)) – e.g., for tax, accounting, or regulatory requirements.
- Legitimate interests (Art. 6(1)(f)) – e.g., to ensure Website security, prevent abuse, perform analytics, and improve service quality.

‍Services (Processor)
‍For personal data processed via the VOIDS app and related Services, the Merchant is the controller. VOIDS acts solely as a processor under Art. 28 GDPR and processes personal data exclusively on the Merchant’s documented instructions, as set out in the AVV (Auftragsverarbeitungsvertrag). The Merchant determines the lawful basis for such processing.

Your Privacy

VOIDS processes personal data only for the purposes described in this Privacy Policy and in line with applicable data protection laws. If you provide personal data for a specific purpose, VOIDS will use it solely for that purpose or as otherwise permitted by law.

For example, account registration information is used to provide and support the Services. In addition, VOIDS may process personal data and aggregated, non-identifiable information to:
- maintain security and integrity of the Services and Website,
- ensure proper operation and performance, and
- develop and improve features, forecasting models, and related offerings for the benefit of our Merchants.

Such processing is always carried out within the scope of the legal bases set out in this Privacy Policy.

Information We Collect

The type and amount of information VOIDS collects depends on how you interact with the Website and Services:
- Website visitors may browse the Website without providing Personal Data. Certain features (such as contact forms, demo requests, or newsletter sign-ups) require you to provide limited Personal Data, such as your name, company, and email address.
- Merchants using the Services provide Merchant Data and Customer Data through integrations (e.g., order details, product and inventory data, and related operational information) in order for VOIDS to deliver demand forecasting and inventory optimization.
- Optional information may also be provided voluntarily (for example, feedback or additional contact details).In general, you control the amount and type of information you choose to share with us.

Categories of Data Processed

We process the following categories of data to provide and improve the Services:
- Customer Data – limited order‑related personal data (e.g., order details, name, email address linked to an order) required to provide demand forecasts and replenishment alerts.
- Platform Data – product listings, variants, inventory levels, discount rules, shipping information, store configurations, and analytics from the Merchant’s Shopify account.
- Operational Data – configuration data, log files, usage statistics, and technical metadata related to the Merchant’s use of the App.
- Website Data – cookies, IP addresses, device/browser info, analytics data (applies only to visitors of voids.ai).

Shopify scopes and PCD: We only request the Shopify API scopes necessary, including Protected Customer Data Level 1 for orders. We do not request access to full customer profiles or sensitive categories beyond what is necessary for the Services.

Computer Information Collected (Website visitors)

When you visit the Website, VOIDS automatically collects certain technical and usage information from your device and browser. This data helps us operate the Website securely, measure performance, and improve the user experience.

We may collect the following types of information:
- Cookies and similar technologies. The Website uses cookies and similar tools to enable core functionality (e.g., login, session management) and, where you consent, to perform analytics and improve content. Cookies may store unique identifiers but do not contain names or direct identifiers. You can manage your cookie preferences in your browser settings; however, disabling certain cookies may limit Website functionality.
- Geolocation data. If you use our mobile application and enable location services, we may collect approximate location data (e.g., city level) to provide location-based features. You can disable location collection at any time in your device settings.
- Automatic information. We receive certain information automatically from your browser or device, such as IP address, browser type and version, operating system, referring and exit pages, and timestamps. This helps us analyze usage trends and improve the Website.
- Log data. Like many online services, we keep logs of visits to our Website, which may include IP addresses, pages visited, time spent, and related diagnostic information.
- Analytics tools. VOIDS uses analytics services (such as Google Analytics) to understand how visitors use the Website, measure performance, and improve functionality. These tools may collect information such as IP addresses, browser type, and usage patterns through cookies or similar technologies. Processing is based on your consent under Art. 6(1)(a) GDPR, where required. Data may be transferred outside the EEA/UK (e.g., to the United States) with appropriate safeguards such as Standard Contractual Clauses. You can manage your consent or opt out at any time via the Website’s cookie banner or your browser settings.

‍Children’s Data
‍VOIDS does not knowingly collect Personal Data from children. Our Services are intended for business users (Merchants) and are not directed at individuals under 16 years of age in the EU/UK, or under 13 years of age in the United States. If we become aware that we have collected Personal Data from a child without appropriate consent, we will delete it promptly

How We Use Your Information

Services (App context)
In connection with the VOIDS app, we process Merchant Data solely for the following purposes:
- Generating demand and inventory forecasts and optimization recommendations.
- Providing alerts and notifications relating to stock levels and replenishment.
- Producing reports and analytics for Merchants.
- Maintaining the performance, security, and availability of our systems.

‍Website (Website context)
When you use our Website, VOIDS processes Website Data for the following purposes:
- Customization. Personal Data you provide (e.g., contact details) may be combined with technical data (e.g., cookies) to personalize and improve your Website experience.
- Service providers. We may share Personal Data with trusted service providers (such as hosting, analytics, and infrastructure partners) who process data on our behalf under contractual confidentiality and security obligations. We do not sell or rent your Personal Data to third parties.
- Aggregated data. We may use Non-Personal Data or aggregated information for internal analytics, benchmarking, and to improve our Website and Services. Such aggregated data does not identify individuals.
- Legal compliance. We may disclose Personal Data where required by law, in response to lawful requests by public authorities, or to protect our rights, property, employees, Merchants, or users.

Opt‑Out

You can manage your communication preferences with VOIDS at any time:
- Service communications. Certain essential service-related communications (such as security alerts, billing notices, or critical service updates) cannot be opted out of as they are necessary for the performance of the Services.
- Right to object. Under applicable data protection laws, you may also object at any time to the processing of your Personal Data for direct marketing purposes.

Links to Other Websites

The Website may contain links to third-party websites. VOIDS is not responsible for the privacy practices or content of those third-party websites. Any Personal Data you provide on such sites is subject to the privacy policies of the operators of those sites, not this Privacy Policy.

For convenience, the Website may also include links to websites of VOIDS affiliates. These sites have their own privacy policies, which should be reviewed separately.

Security

VOIDS takes appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. While no method of transmission over the Internet or electronic storage is 100% secure, VOIDS applies industry-standard safeguards such as encryption in transit (TLS/SSL), secure hosting environments, and access controls to minimize risks.

Please note that unencrypted email communication can never be completely secure. We encourage you to take care in deciding what information you send to us via email.

Subprocessors and International Transfers (Services)
‍VOIDS engages trusted subprocessors to support the delivery of the Services, including hosting and infrastructure providers. These currently include (non-exhaustive):
- Amazon Web Services (AWS) EMEA
- Google Cloud EMEA
- Vercel
- Analytics providers (such as Google Analytics, for Website usage analysis)

All subprocessors act on VOIDS’ documented instructions under written data processing agreements that provide protections equivalent to this Privacy Policy.

Data is stored and processed within the EU/EEA where feasible. Where Personal Data is transferred outside the EEA or the United Kingdom, VOIDS ensures appropriate safeguards are in place, such as Standard Contractual Clauses and supplementary technical and organizational measures as required by law.

‍International Transfers (Website)
‍For the Website, VOIDS may use hosting, content delivery networks, analytics, and other service providers that process data in countries outside the EEA and the United Kingdom (e.g., the United States). Where such transfers occur, VOIDS implements appropriate safeguards, including:
- EU Standard Contractual Clauses (and, where applicable, the UK International Data Transfer Addendum/Agreement), and
- supplementary technical and organizational measures designed to protect Personal Data during transfer and processing.

‍Data Retention (Services)
‍VOIDS retains Merchant Data only for as long as necessary to provide the Services. Upon termination of a subscription or uninstallation of the app, VOIDS will delete or anonymize Merchant Data within 30 days, unless a longer retention period is required by law or explicitly agreed with the Merchant (e.g., for dispute resolution or compliance).

When a Merchant uninstalls the VOIDS app, VOIDS receives a Shopify webhook and schedules deletion or anonymization of Merchant Data within the 30-day window. Merchants may request expedited deletion at tobias.wandersleb@voids.ai.

‍Data Retention (Website)
‍VOIDS retains Website Data only for as long as necessary to fulfill the purpose for which it was collected, unless a longer retention period is required by law.
‍
- Contact form and support requests: retained for the time needed to respond and up to 36 months thereafter for audit and quality purposes.
- Newsletter/marketing sign-ups: retained until you withdraw consent (unsubscribe) or your account is deleted, whichever occurs first.
- Analytics data (cookies/usage): retained no longer than necessary and in accordance with our analytics provider’s configurable retention settings (currently up to 26 months as currently set in our analytics provider’s retention settings), after which it is deleted or aggregated/anonymized.

Privacy Policy Updates

VOIDS may update this Privacy Policy from time to time. The “Last Updated” date at the top indicates the most recent revision.

If we make material changes that affect the way we process Personal Data, we will provide notice through appropriate channels (e.g., a notice on our Website, an in-app message, or email notification to Merchants).

We encourage you to review this Privacy Policy periodically to stay informed about how VOIDS protects Personal Data.

Data Subject Rights

Under the GDPR (EU/UK)
Individuals have the following rights in relation to their Personal Data:
- Right to withdraw consent at any time, where processing is based on consent.
- Right to object to processing based on legitimate interests.
- Right of access to obtain confirmation whether Personal Data is being processed and to receive related information.
- Right to rectification of inaccurate or incomplete Personal Data.
- Right to restriction of processing in certain circumstances.
- Right to erasure (“right to be forgotten”) in certain circumstances.
- Right to data portability, to receive Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible.
- Right to lodge a complaint with a supervisory authority.

‍Controller routing. For Merchant/Customer Data processed via the VOIDS app, VOIDS acts only as a processor. Data subjects should direct rights requests (e.g., access, deletion) to the relevant Merchant, who is the controller. VOIDS will assist Merchants in fulfilling such requests where required by law and under our data processing agreement. For Website Data collected directly by VOIDS (e.g., contact forms, cookies), individuals may exercise their rights by contacting VOIDS directly (see Contact section).

‍Supervisory authority. Data subjects also have the right to lodge a complaint with a supervisory authority. For VOIDS, the competent authority is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (Hamburg Commissioner for Data Protection and Freedom of Information).

‍Under the CCPA/CPRA (California)
If you are a California resident, you may have the following additional rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to know the categories of Personal Data we collect, the purposes for which it is used, and the categories of third parties with whom it is shared.
- Right to access the specific pieces of Personal Data collected about you.
- Right to deletion of Personal Data we hold about you, subject to certain exceptions.
- Right to correction of inaccurate Personal Data.
- Right to opt out of the sale or sharing of Personal Data (VOIDS does not sell Personal Data).
- Right to non-discrimination for exercising your privacy rights.

To exercise these rights, California residents may contact VOIDS using the details provided in the Contact Information section of this Privacy Policy.

Right to Object

Where Personal Data is processed based on legitimate interests (Art. 6(1)(f) GDPR), individuals have the right to object to such processing on grounds relating to their particular situation.

Individuals also have the right to object at any time to the processing of Personal Data for direct marketing purposes.

Exercising Your Rights

You can exercise your data protection rights by contacting VOIDS using the details provided in the Contact Information section of this Privacy Policy.

Requests can generally be made free of charge and will be handled as quickly as possible, and always within one month, subject to applicable law.

Verifying Requests (Data Subject Requests)

To protect privacy and security, VOIDS may request additional information necessary to verify your identity (and, where applicable, to verify the authority of an authorized agent) before acting on a request to access, correct, delete, or otherwise exercise your rights. If we cannot verify a request, we may be unable to fulfil it.
‍
- Response timeframe: we aim to respond as soon as possible and within one month, subject to applicable law (with extensions where legally permitted for complex requests).
- Fees: requests are generally free of charge unless they are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act, as permitted by law.

Questions or Concerns

VOIDS is committed to protecting Personal Data and complying with applicable data protection laws.

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: tobias.wandersleb@voids.ai

Copyright
‍
The content and works on these pages created by the website operator are subject to German copyright law. The duplication, processing, distribution and any kind of exploitation outside the limits of copyright law require the written consent of the respective author or creator. Downloads and copies of this website are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are observed. In particular, contents of third parties are marked as such. Should you nevertheless become aware of a copyright infringement, we would ask you to notify us accordingly. As soon as we become aware of legal violations, we will remove such content immediately.